Heads up to anyone using iOS's Mail app: security researcher Jan Souček has found a serious vulnerability in the way the app handles inline HTML, allowing an attacker to load arbitrary web pages—including a simulated iCloud login prompt for phishing purposes. You can watch the proof-of-concept here:
The iCloud prompt is only one possible exploit. Other login prompts could also be emulated with a bit of HTML and CSS. As such, grabbing Google or Facebook logins might be only a step away.
For the curious, Souček has a GitHub repository with his sample code. He found this bug back in iOS 8.1.2, and reported it last January. However, Apple didn't fix it in subsequent updates. I'm guessing they will now.
|Asus Tinker Board gives the Raspberry Pi 3 a run for its money||42|
|Mushkin enters the keyboard market with the Carbon KB-001||31|
|Report: PC gaming hardware market expands to an all-time high||41|
|Asus ROG Maximus IX Formula chills with an EKWB waterblock||4|
|Deals of the week: high-powered graphics cards, monitors, and more||13|
|Eurocom Tornado F5 SE mobile server can eat desktops for lunch||15|
|Microsoft releases Pix DX12 tuning and debugging tool for Windows||22|
|Cryorig's QF140 fans offer a choice of silence or performance||17|
|SteelSeries' Apex M500 keyboard reviewed||14|
|Face it. We all know the success of PC Gaming is because of the invention of the RGB LED.||+43|